Papers

Blog

I recently repeated the DNS over TCP survey given to the REN-ISAC
community with the
FIRST community. FIRST membership is largely
made up of incident response teams from around the globe. All types of
industry sectors are represented within FIRST such as national CSIRTs,
banks, governments, and software vendors. I thought it might be
interesting to repeat the survey with a security community where there
may be some, but relatively little overlap in membership. I expected
FIRST survey respondents to express a greater desire to block or
restrict DNS over TCP traffic than their REN-ISAC counterparts. The
evidence failed to support that belief.

In April of this year I conducted an informal two-question survey aimed
at the general membership population of the REN-ISAC
community. The intent was to gather personal positions and associated
member institution stances on DNS over TCP (i.e. should it be filtered,
restricted, or unfettered). I was interested in gathering Internet
community perceptions after a recently submitted Internet-Draft on DNS
Transport over
TCP was
adopted by the IETF dnsop working group. REN-ISAC participants are
generally well regarded, having both a breadth of knowledge and above
average technical expertise. I had hoped the results would demonstrate
the “best case” representation of any organized security community. By
best case, I mean those who realize the pitfalls of filtering or
restricting DNS over TCP traffic, and who would generally accept that it
ought to be allowed unfettered.